[PATCH v4 4/5] arm64: Store IMA log information in kimage used for kexec

devicetree.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
To: zohar@linux.ibm.com, bauerman@linux.ibm.com, robh@kernel.org,
	gregkh@linuxfoundation.org, james.morse@arm.com,
	catalin.marinas@arm.com, sashal@kernel.org, will@kernel.org,
	mpe@ellerman.id.au, benh@kernel.crashing.org, paulus@samba.org,
	robh+dt@kernel.org, frowand.list@gmail.com,
	vincenzo.frascino@arm.com, mark.rutland@arm.com,
	dmitry.kasatkin@gmail.com, jmorris@namei.org, serge@hallyn.com,
	pasha.tatashin@soleen.com, allison@lohutok.net,
	kstewart@linuxfoundation.org, takahiro.akashi@linaro.org,
	tglx@linutronix.de, masahiroy@kernel.org, bhsharma@redhat.com,
	mbrugger@suse.com, hsinyi@chromium.org, tao.li@vivo.com,
	christophe.leroy@c-s.fr
Cc: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
	devicetree@vger.kernel.org, prsriva@linux.microsoft.com,
	balajib@linux.microsoft.com
Subject: [PATCH v4 4/5] arm64: Store IMA log information in kimage used for kexec
Date: Wed, 19 Aug 2020 10:21:33 -0700	[thread overview]
Message-ID: <20200819172134.11243-5-nramas@linux.microsoft.com> (raw)
In-Reply-To: <20200819172134.11243-1-nramas@linux.microsoft.com>

Address and size of the buffer containing the IMA measurement log need
to be passed from the current kernel to the next kernel on kexec.

Add address and size fields to "struct kimage_arch" for ARM64 platform
to hold the address and size of the IMA measurement log buffer.
Define an architecture specific function for ARM64 namely
arch_ima_add_kexec_buffer() that will set the address and size of
the current kernel's IMA buffer to be passed to the next kernel on kexec.

Co-developed-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
Signed-off-by: Prakhar Srivastava <prsriva@linux.microsoft.com>
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
---
 arch/arm64/include/asm/ima.h           | 17 +++++++++++++++++
 arch/arm64/include/asm/kexec.h         |  3 +++
 arch/arm64/kernel/machine_kexec_file.c | 17 +++++++++++++++++
 3 files changed, 37 insertions(+)
 create mode 100644 arch/arm64/include/asm/ima.h

diff --git a/arch/arm64/include/asm/ima.h b/arch/arm64/include/asm/ima.h
new file mode 100644
index 000000000000..70ac39b74607
--- /dev/null
+++ b/arch/arm64/include/asm/ima.h
@@ -0,0 +1,17 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _ASM_ARCH_IMA_H
+#define _ASM_ARCH_IMA_H
+
+struct kimage;
+
+#ifdef CONFIG_IMA_KEXEC
+int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
+			      size_t size);
+#else
+static inline int arch_ima_add_kexec_buffer(struct kimage *image,
+			unsigned long load_addr, size_t size)
+{
+	return 0;
+}
+#endif /* CONFIG_IMA_KEXEC */
+#endif /* _ASM_ARCH_IMA_H */
diff --git a/arch/arm64/include/asm/kexec.h b/arch/arm64/include/asm/kexec.h
index d24b527e8c00..7bd60c185ad3 100644
--- a/arch/arm64/include/asm/kexec.h
+++ b/arch/arm64/include/asm/kexec.h
@@ -100,6 +100,9 @@ struct kimage_arch {
 	void *elf_headers;
 	unsigned long elf_headers_mem;
 	unsigned long elf_headers_sz;
+
+	phys_addr_t ima_buffer_addr;
+	size_t ima_buffer_size;
 };
 
 extern const struct kexec_file_ops kexec_image_ops;
diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c
index 361a1143e09e..4c54723e7a04 100644
--- a/arch/arm64/kernel/machine_kexec_file.c
+++ b/arch/arm64/kernel/machine_kexec_file.c
@@ -38,6 +38,23 @@ const struct kexec_file_ops * const kexec_file_loaders[] = {
 	NULL
 };
 
+/**
+ * arch_ima_add_kexec_buffer - do arch-specific steps to add the IMA buffer
+ *
+ * Architectures should use this function to pass on the IMA buffer
+ * information to the next kernel.
+ *
+ * Return: 0 on success, negative errno on error.
+ */
+int arch_ima_add_kexec_buffer(struct kimage *image, unsigned long load_addr,
+			      size_t size)
+{
+	image->arch.ima_buffer_addr = load_addr;
+	image->arch.ima_buffer_size = size;
+	return 0;
+}
+
+
 int arch_kimage_file_post_load_cleanup(struct kimage *image)
 {
 	vfree(image->arch.dtb);
-- 
2.28.0

next prev parent reply	other threads:[~2020-08-19 17:22 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-19 17:21 [PATCH v4 0/5] Carry forward IMA measurement log on kexec on ARM64 Lakshmi Ramasubramanian
2020-08-19 17:21 ` [PATCH v4 1/5] powerpc: Refactor kexec functions to move arch independent code to IMA Lakshmi Ramasubramanian
2020-08-27 23:35   ` Thiago Jung Bauermann
2020-08-28 17:40     ` Lakshmi Ramasubramanian
2020-08-28  1:23   ` Thiago Jung Bauermann
2020-08-28 17:43     ` Lakshmi Ramasubramanian
2020-08-19 17:21 ` [PATCH v4 2/5] powerpc: Use libfdt functions to fetch IMA buffer properties Lakshmi Ramasubramanian
2020-08-27 23:50   ` Thiago Jung Bauermann
2020-08-28 17:46     ` Lakshmi Ramasubramanian
2020-08-19 17:21 ` [PATCH v4 3/5] IMA: Refactor do_get_kexec_buffer() to call of_ functions directly Lakshmi Ramasubramanian
2020-08-28  0:25   ` Thiago Jung Bauermann
2020-08-19 17:21 ` Lakshmi Ramasubramanian [this message]
2020-08-28 20:50   ` [PATCH v4 4/5] arm64: Store IMA log information in kimage used for kexec Thiago Jung Bauermann
2020-08-19 17:21 ` [PATCH v4 5/5] arm64: Add IMA kexec buffer to DTB Lakshmi Ramasubramanian
2020-08-28 21:43   ` Thiago Jung Bauermann

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:70ac39b7460 dfblob:d24b527e8c0 dfblob:7bd60c185ad
dfblob:361a1143e09 dfblob:4c54723e7a0 )
 OR (
bs:"[PATCH v4 4/5] arm64: Store IMA log information in kimage used for kexec" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200819172134.11243-5-nramas@linux.microsoft.com \
    --to=nramas@linux.microsoft.com \
    --cc=allison@lohutok.net \
    --cc=balajib@linux.microsoft.com \
    --cc=bauerman@linux.ibm.com \
    --cc=benh@kernel.crashing.org \
    --cc=bhsharma@redhat.com \
    --cc=catalin.marinas@arm.com \
    --cc=christophe.leroy@c-s.fr \
    --cc=devicetree@vger.kernel.org \
    --cc=dmitry.kasatkin@gmail.com \
    --cc=frowand.list@gmail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=hsinyi@chromium.org \
    --cc=james.morse@arm.com \
    --cc=jmorris@namei.org \
    --cc=kstewart@linuxfoundation.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mark.rutland@arm.com \
    --cc=masahiroy@kernel.org \
    --cc=mbrugger@suse.com \
    --cc=mpe@ellerman.id.au \
    --cc=pasha.tatashin@soleen.com \
    --cc=paulus@samba.org \
    --cc=prsriva@linux.microsoft.com \
    --cc=robh+dt@kernel.org \
    --cc=robh@kernel.org \
    --cc=sashal@kernel.org \
    --cc=serge@hallyn.com \
    --cc=takahiro.akashi@linaro.org \
    --cc=tao.li@vivo.com \
    --cc=tglx@linutronix.de \
    --cc=vincenzo.frascino@arm.com \
    --cc=will@kernel.org \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).